{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-22808", "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "dateUpdated": "2024-08-03T03:21:49.150Z", "dateReserved": "2022-01-07T00:00:00.000Z", "datePublished": "2022-02-09T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider", "dateUpdated": "2022-11-10T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "A CWE-352: Cross-Site Request Forgery (CSRF) exists that could cause a remote attacker to gain unauthorized access to the product when conducting cross-domain attacks based on same-origin policy or cross-site request forgery protections bypass. Affected Product: EcoStruxure EV Charging Expert (formerly known as EVlink Load Management System): (HMIBSCEA53D1EDB, HMIBSCEA53D1EDS, HMIBSCEA53D1EDM, HMIBSCEA53D1EDL, HMIBSCEA53D1ESS, HMIBSCEA53D1ESM, HMIBSCEA53D1EML) (All Versions prior to SP8 (Version 01) V4.0.0.13)"}], "affected": [{"vendor": "n/a", "product": "EcoStruxure EV Charging Expert (formerly known as EVlink Load Management System): (HMIBSCEA53D1EDB, HMIBSCEA53D1EDS, HMIBSCEA53D1EDM, HMIBSCEA53D1EDL, HMIBSCEA53D1ESS, HMIBSCEA53D1ESM, HMIBSCEA53D1EML) (All Versions prior to SP8 (Version 01) V4.0.0.13)", "versions": [{"version": "EcoStruxure EV Charging Expert (formerly known as EVlink Load Management System): (HMIBSCEA53D1EDB, HMIBSCEA53D1EDS, HMIBSCEA53D1EDM, HMIBSCEA53D1EDL, HMIBSCEA53D1ESS, HMIBSCEA53D1ESM, HMIBSCEA53D1EML) (All Versions prior to SP8 (Version 01) V4.0.0.13)", "status": "affected"}]}], "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-02"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-352: Cross-Site Request Forgery (CSRF)", "cweId": "CWE-352"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:21:49.150Z"}, "title": "CVE Program Container", "references": [{"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-02", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:hmibscea53d1edb_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5A5CD70A-52FD-4E85-A9C4-97E0ACDF40F2", "versionEndExcluding": "4.0.0.13", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:hmibscea53d1edb:-:*:*:*:*:*:*:*", "matchCriteriaId": "1EC53351-9F82-4834-98ED-65996CF6A970", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:hmibscea53d1eds_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "56E91042-68EF-41EF-892E-8313D0C10786", "versionEndExcluding": "4.0.0.13", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:hmibscea53d1eds:-:*:*:*:*:*:*:*", "matchCriteriaId": "152E5C3D-E719-4E98-9E3D-D99A628FE981", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:hmibscea53d1edm_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9EC5F76-9169-4E6A-B098-98FBDA1A5EF1", "versionEndExcluding": "4.0.0.13", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:hmibscea53d1edm:-:*:*:*:*:*:*:*", "matchCriteriaId": "A62922A1-AF94-41B5-A023-3751E9D9DE35", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:hmibscea53d1edl_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A570EBEB-77F7-4A7E-AB85-1F3A47BEE6FA", "versionEndExcluding": "4.0.0.13", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:hmibscea53d1edl:-:*:*:*:*:*:*:*", "matchCriteriaId": "F98BAF5F-498D-4F02-9D2A-619DCF402A56", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:hmibscea53d1ess_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB12688D-4523-4549-9888-C5B281C63039", "versionEndExcluding": "4.0.0.13", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:hmibscea53d1ess:-:*:*:*:*:*:*:*", "matchCriteriaId": "EC9BBE04-CBB5-4029-A8E7-373B4768D0AE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:hmibscea53d1esm_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FD299356-B471-400F-BCD0-690432D04707", "versionEndExcluding": "4.0.0.13", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:hmibscea53d1esm:-:*:*:*:*:*:*:*", "matchCriteriaId": "B035727B-E8CB-43A4-A291-8E00BA9A1130", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:hmibscea53d1eml_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9DE361FB-E42E-4749-A2FE-3B79E041A42A", "versionEndExcluding": "4.0.0.13", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:hmibscea53d1eml:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1A45F21-C11D-4BED-95DB-C0446AFC14D1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A CWE-352: Cross-Site Request Forgery (CSRF) exists that could cause a remote attacker to gain unauthorized access to the product when conducting cross-domain attacks based on same-origin policy or cross-site request forgery protections bypass. Affected Product: EcoStruxure EV Charging Expert (formerly known as EVlink Load Management System): (HMIBSCEA53D1EDB, HMIBSCEA53D1EDS, HMIBSCEA53D1EDM, HMIBSCEA53D1EDL, HMIBSCEA53D1ESS, HMIBSCEA53D1ESM, HMIBSCEA53D1EML) (All Versions prior to SP8 (Version 01) V4.0.0.13)"}, {"lang": "es", "value": "Una CWE-352: Existe una falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) que podr\u00eda hacer que un atacante remoto obtuviera acceso no autorizado al producto al realizar ataques entre dominios basados en la pol\u00edtica del mismo origen o en la omisi\u00f3n de las protecciones de falsificaci\u00f3n de petici\u00f3n en sitios cruzados. Producto afectado: EcoStruxure EV Charging Expert (antes conocido como EVlink Load Management System): (HMIBSCEA53D1EDB, HMIBSCEA53D1EDS, HMIBSCEA53D1EDM, HMIBSCEA53D1EDL, HMIBSCEA53D1ESS, HMIBSCEA53D1ESM, HMIBSCEA53D1EML) (Todas las versiones anteriores a SP8 (Versi\u00f3n 01) V4.0.0.13)"}], "id": "CVE-2022-22808", "lastModified": "2024-11-21T06:47:29.243", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-02-09T23:15:19.243", "references": [{"source": "cybersecurity@se.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-02"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-02"}], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "cybersecurity@se.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{}

{}